Password Guidance
Page 8 - Password Guidance: Simplifying Your Approach

Tip 4: Understand the limitations of machine-generated passwords
Machine-generated passwords eliminate those passwords that would be simple for an attacker to guess. They require little effort from the user to create, and, depending on the generation scheme, can produce passwords that are fairly easy to remember.
The main advantage of machine-generated schemes is that they eliminate those passwords that would be simple for an attacker to guess. They also deliver a known level of 'randomness', so it is possible to calculate the time it would take to crack the password using a brute-force attack. Compared to user-generated schemes, there is no need to use blacklisting, and user training should be simpler. They also require little effort from the user for password creation.
Some machine generation schemes can produce passwords which are very difficult for people to remember. This increases both the demand on the helpdesk for resets and the likelihood of insecure storage. They are not recommended. Instead, use a generation scheme designed for high memorability (such as passphrases, 4 random dictionary words or CVC-CVC-CVC style passwords [4]). Ideally, you should give users a choice of passwords, so they can select the one they find the most memorable.
Technical controls

Technical controls such as account lockout, throttling or protective monitoring are still relevant when using machine-generated passwords.
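The randomness calculation and the two memorable generation schemes described above, as an added Python example (not from the guidance document): it generates CVC-CVC-CVC and four-word candidates from a CSPRNG, computes the size of each scheme's output space and the bits of randomness it delivers, and estimates average brute-force time at an assumed guess rate. The word list is a constructed stand-in for a real dictionary, and the guess rates are illustrative assumptions.

```python
import math
import secrets

# Character classes for the CVC (consonant-vowel-consonant) scheme.
CONSONANTS = "bcdfghjklmnpqrstvwxyz"   # 21 letters
VOWELS = "aeiou"                       # 5 letters

# Constructed, deliberately small word list so the example runs offline;
# a real deployment would draw from a dictionary of thousands of words.
SAMPLE_WORDS = ["anchor", "basket", "cellar", "dragon", "ember", "forest",
                "garden", "harbor", "island", "jacket", "kettle", "lantern",
                "meadow", "nickel", "orbit", "pillow"]

def cvc_password(groups=3):
    """Generate a CVC-CVC-CVC style password from a CSPRNG (secrets module)."""
    return "-".join(secrets.choice(CONSONANTS) + secrets.choice(VOWELS)
                    + secrets.choice(CONSONANTS) for _ in range(groups))

def word_passphrase(words, count=4):
    """Generate a passphrase of `count` random words from the list."""
    return " ".join(secrets.choice(words) for _ in range(count))

def cvc_space(groups=3):
    """Number of distinct passwords the CVC scheme can produce."""
    return (len(CONSONANTS) * len(VOWELS) * len(CONSONANTS)) ** groups

def passphrase_space(count, dictionary_size):
    """Number of distinct passphrases of `count` words from a dictionary."""
    return dictionary_size ** count

def entropy_bits(space_size):
    """Known level of randomness, in bits, for a scheme with `space_size` outputs."""
    return math.log2(space_size)

def expected_crack_seconds(space_size, guesses_per_second):
    """Average brute-force time: half the space is tried before the hit."""
    return space_size / 2 / guesses_per_second

def offer_choice(words=SAMPLE_WORDS, n=3):
    """Return several candidates so the user can pick the most memorable."""
    return [cvc_password() for _ in range(n)] + [word_passphrase(words) for _ in range(n)]

if __name__ == "__main__":
    print("\n".join(offer_choice()))
    space = cvc_space()
    print(f"CVC-CVC-CVC: {entropy_bits(space):.1f} bits; "
          f"~{expected_crack_seconds(space, 1e9):.0f} s at 1e9 offline guesses/s, "
          f"~{expected_crack_seconds(space, 10) / 31_536_000:.0f} years at 10 throttled guesses/s")
```

The last line of output shows why the technical controls above still matter: the same password space that falls in seconds to an offline attack takes years when guesses are throttled.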
In summary

- Choose a scheme that produces passwords that are easier to remember.
- Offer a choice of passwords, so users can select one they find memorable.
- As with user-generated passwords, tell users that work passwords protect important assets; they should never reuse passwords between work and home.
[4] Consonant-vowel-consonant constructions